Paper 2014/655
Pleco and Plectron -- Two Provably Secure Password Hashing Algorithms
Bo Zhu, Xinxin Fan, and Guang Gong
Abstract
Password-based authentication has been widely deployed in practice due to its simplicity and efficiency. Storing passwords and deriving cryptographic keys from passwords in a secure manner are crucial for many security systems and services. However, choices of well-studied password hashing algorithms are extremely limited, as their security requirements and design principles are different from common cryptographic algorithms. In this paper, we propose two practical password hashing algorithms, Pleco and Plectron. They are built upon well-understood cryptographic algorithms, and combine advantages of symmetric and asymmetric primitives. By employing the Rabin cryptosystem, we prove that the one-wayness of Pleco is at least as strong as the hard problem of integer factorization. In addition, both password hashing algorithms are designed to be sequential memory-hard, in order to thwart large-scale password cracking by parallel hardware, such as GPUs, FPGAs, and ASICs. Moreover, total computation and memory consumptions of Pleco and Plectron are tunable through their cost parameters.
Metadata
- Available format(s)
-
PDF
- Category
- Secret-key cryptography
- Publication info
- Preprint.
- Keywords
- passwordhashingloginauthentication
- Contact author(s)
- bo zhu @ uwaterloo ca
- History
- 2014-09-12: revised
- 2014-08-27: received
- See all versions
- Short URL
- https://ia.cr/2014/655
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2014/655,
author = {Bo Zhu and Xinxin Fan and Guang Gong},
title = {Pleco and Plectron -- Two Provably Secure Password Hashing Algorithms},
howpublished = {Cryptology {ePrint} Archive, Paper 2014/655},
year = {2014},
url = {https://eprint.iacr.org/2014/655}
}
